<!DOCTYPE HTML>
<html lang="en-GB">

<!-- Begin mPulse library -->
<script>
	(function(){
		// Boomerang Loader Snippet version 10
		if (window.BOOMR && (window.BOOMR.version || window.BOOMR.snippetExecuted)) {
			return;
		}

		window.BOOMR = window.BOOMR || {};
		window.BOOMR.snippetExecuted = true;

		var dom, doc, where, iframe = document.createElement("iframe"), win = window;

		function boomerangSaveLoadTime(e) {
			win.BOOMR_onload = (e && e.timeStamp) || new Date().getTime();
		}

		if (win.addEventListener) {

			win.addEventListener("load", boomerangSaveLoadTime, false);

		} else if (win.attachEvent) {
			win.attachEvent("onload", boomerangSaveLoadTime);
		}

		iframe.src = "javascript:void(0)";
		iframe.title = "";
		iframe.role = "presentation";
		(iframe.frameElement || iframe).style.cssText = "width:0;height:0;border:0;display:none;";
		where = document.getElementsByTagName("script")[0];
		where.parentNode.insertBefore(iframe, where);

		try {
			doc = iframe.contentWindow.document;

		} catch (e) {

			dom = document.domain;
			iframe.src = "javascript:var d=document.open();d.domain='" + dom + "';void(0);";
			doc = iframe.contentWindow.document;
		}

		doc.open()._l = function() {

			var js = this.createElement("script");

			if (dom) {
				this.domain = dom;
			}

			js.id = "boomr-if-as";

			js.src = "https://s.go-mpulse.net/boomerang/" + "TU3LW-WPX5W-YK52N-GNWRK-Z5B9X";
			BOOMR_lstart = new Date().getTime();
			this.body.appendChild(js);
		};
		doc.write('<bo' + 'dy onload="document._l();">');
		doc.close();
	})();
</script>
<!-- END mPulse library -->

   	
	
	

	<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/jquery.min.js"></script>
	<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/utils.min.js"></script>

	<script type="text/javascript">
		if (typeof Granite !== "undefined" && Granite.I18n){
			Granite.I18n.setLocale("en_gb" || "en");
		}
	</script>
	
    <head>
    
    
    
    
    <meta charset="UTF-8"/>
    <meta name="viewport" content="width=device-width"/>
	<meta name="description" content="We observed a new cryptocurrency-mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default."/>
	<meta name="robots" content="index,follow"/>
	<meta name="keywords" content="mobile,cyber threats,research"/>
	<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
	<meta name="template" content="article1withouthero"/>
    <meta property="article:published_time" content="2019-06-20"/>
    <meta property="article:tag" content="cyber threats"/>
    <meta property="article:section" content="research"/>
    
    <link rel="icon" type="image/ico" href="/content/dam/trendmicro/favicon.ico"/>
	<link rel="canonical" href="https://www.trendmicro.com/en_gb/research/19/f/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh.html"/>

    <title>Cryptocurrency-Mining Botnet Spreads via ADB, SSH</title>
			 
    

    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600" rel="stylesheet"/>
<link href="//customer.cludo.com/css/296/1798/cludo-search.min.css" type="text/css" rel="stylesheet"/>



    
    
    

    
    
    
    
<link rel="stylesheet" href="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css" type="text/css">



    

    

    <script src="//tags.tiqcdn.com/utag/trendmicro/europe/prod/utag.sync.js"></script>
	<meta property="og:url" content="https://www.trendmicro.com/en_gb/research/19/f/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh.html"/>
<meta property="og:title" content="Cryptocurrency-Mining Botnet Spreads via ADB, SSH"/>
<meta property="og:description" content="We observed a new cryptocurrency-mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default."/>
<meta property="og:site_name" content="Trend Micro"/>
<meta property="og:image" content="https://www.trendmicro.com/content/dam/trendmicro/global/en/research/19/f/mining-botnet-adb-ssh.jpg"/>
<meta property="og:locale" content="en_GB"/>

	<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:site" content="@TrendMicro"/>
<meta name="twitter:title" content="Cryptocurrency-Mining Botnet Spreads via ADB, SSH"/>
<meta name="twitter:description" content="We observed a new cryptocurrency-mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default."/>
<meta name="twitter:image" content="https://www.trendmicro.com/content/dam/trendmicro/global/en/research/19/f/mining-botnet-adb-ssh.jpg"/>

</head>
    
    <body class="articlepage page basicpage context-business">
		<!-- Page Scroll: Back to Top -->
		<a id="page-scroll" title="VerticalPageScroll" href="javascript:jumpScroll($(this).scrollTop());">
			<span class="icon-chevron-up"></span>
		</a>

        
                      
     		<!-- /* Data Layer */ -->
			<script type="text/javascript">
				var utag_data = {"customer_cookie_type":"business","language_code":"en_gb","page_name":"research/19/f/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/en_gb","category_id":"en_gb/research/19/f/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh","page_type":"unknown","site_section":"research","post_author":"Jindrich Karasek|Threat Researcher","post_date":"2019-06-20"};
			</script>

			<script type="text/javascript">(function(a,b,c,d){a='//tags.tiqcdn.com/utag/trendmicro/europe/prod/utag.js';b=document;c='script';d=b.createElement(c);d.src=a;d.type='text/java'+c;d.async=true;a=b.getElementsByTagName(c)[0];a.parentNode.insertBefore(d,a);})();</script>

            



            
<div class="header globalHeaderV2">

<div class="disruptorPanel">

<div class="disruptor-panel__alert">

	<div class="inner-container">
		<button class="sliding-dismiss-button">
			<span class="button-text">dismiss</span>
			<span class="icon-close"></span>
		</button>
	</div>
</div>
</div>
<div class="main-header new-main-header">
	<!-- Nav Sticky Wrapper -->
	<div class="nav-sticky-wrapper">
		<!-- Top Bar -->
		<div class="top-bar hidden-xs hidden-sm">
			<div class="inner-container">
				<div class="utility-col">
					<div class="utilityMenu utilityMenu-desktop"><nav class="utilityMenu__wrapper">

	<div class="dropdown utilityAlerts ">
	<button class="menu-button" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
		<span class="hidden menu-button__alert-count"></span>
		<span class="menu-button__icon icon-alert"></span>
		<span class="menu-button__text">Alerts</span>
	</button>
	<ul class="hidden dropdown-menu alerts-container ">
	</ul>

<ul class="dropdown-menu no-alerts"><li>No new notifications at this time.</li></ul>

</div>

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown hidden-xs ">
			<button class="menu-button button-default" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-download"></span>
				<span class="menu-button__text">Download</span>
			</button>
			



			
				<ul class="dropdown-menu align-">
					
						<li>
							<a href="/en_gb/business/products/downloads.html#t3">
								
								Scan Engines
								
							</a>
						</li>
					
						<li>
							<a href="/en_gb/business/products/downloads.html#t4">
								
								All Pattern Files
								
							</a>
						</li>
					
						<li>
							<a href="/en_gb/business/products/downloads.html">
								
								All Downloads
								
							</a>
						</li>
					
						<li class=" is-phone-number ">
							<a href="http://downloadcenter.trendmicro.com/index.php?clk=left_nav&clkval=rss_feed&regs=GB" target="_blank" rel="noopener noreferrer" class="no-border ">
								
								Subscribe to Download Center RSS
								
							</a>
						</li>
					
				</ul>
			

			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown ">
			<button class="menu-button button-default" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-cart"></span>
				<span class="menu-button__text">Buy</span>
			</button>
			



			
				<ul class="dropdown-menu align-">
					
						<li class=" hidden-context-home ">
							<a href="/en_gb/partners/find-a-partner.html">
								
								Find a Partner
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="http://store.trendmicro.com/store/tmamer/Content/pbPage.Home/pgm.4823570300/" target="_blank" rel="noopener noreferrer">
								
								Home Office Online Store
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="http://store.trendmicro.com/store/tmamer/html/pbPage.ManualRenew/ThemeID.7735600" target="_blank" rel="noopener noreferrer">
								
								Renew Online
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="/en_gb/forHome/products/free-tools.html" class="no-border ">
								
								Free Tools
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_gb/business/get-info-form.html">
								
								Contact Sales
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_gb/contact.html">
								
								Locations Worldwide
								
							</a>
						</li>
					
						<li class="dropdown-header hidden-context-home is-phone-number ">
							
								
								+44 (0) 203 549 3300
								
							
						</li>
					
						<li class="dropdown-header hidden-context-home ">
							
								
								Small Business
								
							
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://orp.trendmicro.com/EMEAORP" target="_blank" rel="noopener noreferrer">
								
								Renew Online
								
							</a>
						</li>
					
				</ul>
			

			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown stretched-dropdown">
			<button class="menu-button button-default" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-region"></span>
				<span class="menu-button__text">Region</span>
			</button>
			



			

			
				<div class="dropdown-menu align-">
					<ul class="menu-column col-xs-12 col-sm-4 col-md-3">
						
							<li class="dropdown-header">
								
									
									The Americas
									
								
							</li>
						
							<li>
								<a href="/en_us.html">
									
									United States
									
								</a>
							</li>
						
							<li>
								<a href="/pt_br.html">
									
									Brasil
									
								</a>
							</li>
						
							<li>
								<a href="/en_ca.html">
									
									Canada
									
								</a>
							</li>
						
							<li>
								<a href="/es_mx.html" class="no-border ">
									
									México
									
								</a>
							</li>
						
							<li class="dropdown-header break-column-desktop break-column-tablet">
								
									
									Asia Pacific
									
								
							</li>
						
							<li>
								<a href="/en_au.html">
									
									Australia
									
								</a>
							</li>
						
							<li>
								<a href="/en_hk.html">
									
									Hong Kong (English)
									
								</a>
							</li>
						
							<li>
								<a href="/zh_hk.html">
									
									香港 (中文) (Hong Kong) 
									
								</a>
							</li>
						
							<li>
								<a href="/en_in.html">
									
									भारत गणराज्य (India)
									
								</a>
							</li>
						
							<li>
								<a href="/in_id.html">
									
									Indonesia
									
								</a>
							</li>
						
							<li>
								<a href="/ja_jp.html">
									
									日本 (Japan)
									
								</a>
							</li>
						
							<li>
								<a href="/ko_kr/business.html">
									
									대한민국 (South Korea)
									
								</a>
							</li>
						
							<li class=" break-column-desktop">
								<a href="/en_my.html">
									
									Malaysia
									
								</a>
							</li>
						
							<li>
								<a href="/en_nz.html">
									
									New Zealand
									
								</a>
							</li>
						
							<li>
								<a href="/en_ph.html">
									
									Philippines
									
								</a>
							</li>
						
							<li>
								<a href="/en_sg.html">
									
									Singapore
									
								</a>
							</li>
						
							<li>
								<a href="/zh_tw.html">
									
									台灣 (Taiwan)
									
								</a>
							</li>
						
							<li>
								<a href="/th_th.html">
									
									 ประเทศไทย (Thailand)
									
								</a>
							</li>
						
							<li>
								<a href="/vi_vn.html" class="no-border ">
									
									Việt Nam
									
								</a>
							</li>
						
							<li class="dropdown-header break-column-desktop break-column-tablet">
								
									
									Europe, Middle East &amp; Africa
									
								
							</li>
						
							<li>
								<a href="/en_be.html">
									
									België (Belgium)
									
								</a>
							</li>
						
							<li>
								<a href="http://www.trendmicro.cz/">
									
									Česká Republika
									
								</a>
							</li>
						
							<li>
								<a href="/en_dk.html">
									
									Danmark
									
								</a>
							</li>
						
							<li>
								<a href="/de_de.html">
									
									Deutschland, Österreich Schweiz
									
								</a>
							</li>
						
							<li>
								<a href="/es_es.html">
									
									España
									
								</a>
							</li>
						
							<li>
								<a href="/fr_fr.html">
									
									France
									
								</a>
							</li>
						
							<li>
								<a href="/en_ie.html">
									
									Ireland
									
								</a>
							</li>
						
							<li>
								<a href="/it_it.html">
									
									Italia
									
								</a>
							</li>
						
							<li>
								<a href="/en_ae.html">
									
									Middle East and North Africa
									
								</a>
							</li>
						
							<li class=" break-column-desktop">
								<a href="/en_nl.html">
									
									Nederland
									
								</a>
							</li>
						
							<li>
								<a href="/en_no.html">
									
									Norge (Norway)
									
								</a>
							</li>
						
							<li>
								<a href="/pl_pl.html">
									
									Polska (Poland)
									
								</a>
							</li>
						
							<li>
								<a href="/ru_ru.html">
									
									Россия (Russia)
									
								</a>
							</li>
						
							<li>
								<a href="/en_za/business.html">
									
									South Africa
									
								</a>
							</li>
						
							<li>
								<a href="/en_fi.html">
									
									Suomi (Finland)
									
								</a>
							</li>
						
							<li>
								<a href="/en_se.html">
									
									Sverige (Sweden)
									
								</a>
							</li>
						
							<li>
								<a href="/tr_tr.html">
									
									Türkiye (Turkey)
									
								</a>
							</li>
						
							<li>
								<a href="/en_gb.html" class="no-border ">
									
									United Kingdom
									
								</a>
							</li>
						
					</ul>
				</div>
			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown ">
			<button class="menu-button button-default" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-login"></span>
				<span class="menu-button__text">Log In</span>
			</button>
			



			
				<ul class="dropdown-menu align-">
					
						<li class=" hidden-context-home ">
							<a href="https://success.trendmicro.com/sign-in" target="_blank" rel="noopener noreferrer">
								
								My Support
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="https://esupport.trendmicro.com/en-us/home/pages/resources.aspx" target="_blank" rel="noopener noreferrer" class="no-border ">
								
								Log In to Support
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://community-trendmicro.force.com/Partner" target="_blank" rel="noopener noreferrer">
								
								Partner Portal
								
							</a>
						</li>
					
						
					
						
					
						<li class="dropdown-header hidden-context-business ">
							
								
								Home Solutions
								
							
						</li>
					
						<li class=" hidden-context-business ">
							<a href="https://www.trendsecure.com/my_account/signin/login" target="_blank" rel="noopener noreferrer">
								
								My Account
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="http://www.trendmicro.com/ilostmyandroid" target="_blank" rel="noopener noreferrer">
								
								Lost Device Portal
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="https://www.trendsecure.com/report_stolen/locker/report" target="_blank" rel="noopener noreferrer">
								
								Trend Micro Vault
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="http://pwm.trendmicro.com/" target="_blank" rel="noopener noreferrer">
								
								Password Manager
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://clp.trendmicro.com/" target="_blank" rel="noopener noreferrer">
								
								Customer Licensing Portal
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://esupport.trendmicro.com/oct" target="_blank" rel="noopener noreferrer">
								
								Online Case Tracking
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://success.trendmicro.com/sign-in" target="_blank" rel="noopener noreferrer">
								
								Premium Support
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://sso.trendmicro.com/sso/form/authenticate.aspx" target="_blank" rel="noopener noreferrer">
								
								Worry-Free Business Security Services
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://tm.login.trendmicro.com/authenticate/api/false/tmrm" target="_blank" rel="noopener noreferrer">
								
								Remote Manager
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://cloudone.trendmicro.com/" target="_blank" rel="noopener noreferrer">
								
								Cloud One
								
							</a>
						</li>
					
						<li class=" hidden-context-business ">
							<a href="https://signup.cj.com/member/signup/publisher/?cid=1157059" target="_blank" rel="noopener noreferrer" class="no-border ">
								
								Referral Affiliate
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://signup.cj.com/member/signup/publisher/?cid=1867119#/branded?_k=xaeu3t" target="_blank" rel="noopener noreferrer">
								
								Referral Affiliate
								
							</a>
						</li>
					
				</ul>
			

			
		</div>
	

	


	

	
	

		<!-- /* Determine if we need to act as a link button, or a drop down menu */ -->
		

		
		<div class="dropdown ">
			<button class="menu-button desktop-text button-red" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="menu-button__icon icon-contact"></span>
				<span class="menu-button__text">Contact Us</span>
			</button>
			



			
				<ul class="dropdown-menu align-">
					
						<li class=" hidden-context-home ">
							<a href="/en_gb/business/get-info-form.html">
								
								Contact Sales
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_gb/contact.html">
								
								Locations
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://success.trendmicro.com/technical-support">
								
								Support
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_gb/partners/find-a-partner.html">
								
								Find a Partner
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="/en_gb/about/events.html">
								
								Learn of upcoming events
								
							</a>
						</li>
					
						<li class="dropdown-header hidden-context-home ">
							
								
								Social Media Networks
								
							
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://www.facebook.com/TrendMicroEurope">
								
								Facebook
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://twitter.com/trendmicrouk">
								
								Twitter
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://www.linkedin.com/company/trend-micro-europe">
								
								Linkedin
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://www.youtube.com/user/TrendMicroEurope">
								
								Youtube
								
							</a>
						</li>
					
						<li class=" hidden-context-home ">
							<a href="https://www.instagram.com/trendmicro/">
								
								Instagram
								
							</a>
						</li>
					
						<li class="dropdown-header is-phone-number ">
							
								
								+44 (0) 203 549 3300
								
							
						</li>
					
				</ul>
			

			
		</div>
	

	<div class="dropdown utility-dropdown-search hidden-sm hidden-md hidden-lg">
		<button class="menu-button utility-search-button" type="button">
			<span class="menu-button__icon icon-search-thin"></span>
		</button>
	</div>
</nav>

</div>
				</div>
			</div>
		</div>
		<!-- Bottom Bar -->
		<div class="bottom-bar">
			<div class="inner-container">
				<nav class="mainNavMenu"><!--  Inner Container -->
<div class="inner-container">
	<!--  Logo Toggle Col -->
	<div class="logo-toggle-col">
		<div class="newlogo logo"><a href="/en_gb/business.html">
	<img class="hidden-xs" src="/content/dam/trendmicro/global/en/global/logo/logo-desktop.png" alt="Trend Micro Security"/>
	<img class="hidden-sm hidden-md hidden-lg" src="/content/dam/trendmicro/global/en/global/logo/logo-desktop.png" alt="Trend Micro Security"/>
</a>


</div>
		<div class="toggle">
	<div class="toggle-button active">
		<a href="/en_gb/business.html" data-businesscontext="true">
			Business&nbsp;
			<span class="icon-chevron-right hidden-xs"></span>
		</a>
	</div>
	<div class="toggle-button">
		<a href="/en_gb/forHome.html" data-businesscontext="false">
			For Home&nbsp;
			<span class="icon-chevron-right hidden-xs"></span>
		</a>
	</div>

</div>
		<div class="mobile-right-controls hidden visible-xs visible-sm">
			<a href="#newnavmenu-mobile" class="menu-link toggle-newnavmenu-mobile collapsed" data-toggle="collapse">
				<div class="menu-icon">
					<div class="center-bar"></div>
				</div>
			</a>
			<div class="search-mobile toggle-search-mobile collapsed" data-target="#search-mobile-wrapper" data-toggle="collapse">
				<span class="icon-search"></span>
			</div>
		</div>
	</div>
	<!--  Nav Wrapper -->
	<div class="nav-wrapper collapse to-right dont-collapse-flex-md" id="newnavmenu-mobile">
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Products
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-0" aria-haspopup="true" aria-expanded="false">
						Products
					</button>
					<div class="dropdown-menu" id="nav-dropdown-0">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-0f5aec91-1546-487a-ac64-959da943549e {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-0f5aec91-1546-487a-ac64-959da943549e">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="white left-align-full show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-products-hcs" href="/en_gb/business/products/hybrid-cloud.html">Hybrid Cloud Security</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-workload-security" href="/en_gb/business/products/hybrid-cloud/cloud-one-workload-security.html">
	Workload Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-conformity" href="/en_gb/business/products/hybrid-cloud/cloud-one-conformity.html">
	Conformity
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-container-security" href="/en_gb/business/products/hybrid-cloud/cloud-one-container-image-security.html">
	Container Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-file-storage-security" href="/en_gb/business/products/hybrid-cloud/cloud-one-file-storage-security.html">
	File Storage Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-application-security" href="/en_gb/business/products/hybrid-cloud/cloud-one-application-security.html">
	Application Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-network-security" href="/en_gb/business/products/hybrid-cloud/cloud-one-network-security.html">
	Network Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-hcs-open-source" href="/en_gb/business/products/hybrid-cloud/cloud-one-open-source-security-by-snyk.html">
	Open Source Security
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-products-network-security" href="/en_gb/business/products/network.html">Network Security</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-" id="b-nav-products-network-intrusion-prevention" href="/en_gb/business/products/network/intrusion-prevention.html">
	Intrusion Prevention
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-products-network-advanced-threat-protection" href="/en_gb/business/products/network/advanced-threat-protection.html">
	Advanced Threat Protection
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-industrial-network-security" href="/en_gb/business/products/iot/industrial-network-security.html">
	Industrial Network Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-mobile-network-security" href="/en_gb/business/products/iot/mobile-network-security.html">
	Mobile Network Security
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-products-user-protection" href="/en_gb/business/products/user-protection.html">User Protection</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-" id="b-nav-products-up-endpoint-security" href="/en_gb/business/products/user-protection/sps/endpoint.html">
	Endpoint Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-products-up-email-security" href="/en_gb/business/products/user-protection/sps/email-and-collaboration.html">
	Email Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-up-mobile-security" href="/en_gb/business/products/user-protection/sps/mobile-security-enterprise.html">
	Mobile Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-products-up-web-security" href="/en_gb/business/products/user-protection/sps/web-security.html">
	Web Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-up-industrial-endpoint" href="/en_gb/business/products/iot/industrial-endpoint-security.html">
	Industrial Endpoint
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-products-detection-response" href="/en_gb/business/products/detection-response.html">Detection &amp; Response</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-detection-response-xdr" href="/en_gb/business/products/detection-response/xdr.html">
	XDR
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-detection-response-edr" href="/en_gb/business/products/detection-response/edr-endpoint-sensor.html">
	Endpoint Detection &amp; Response
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-products-detection-response-zero-trust" href="/en_gb/business/products/detection-response/zero-trust.html">
	Zero Trust Risk Insights
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Powered by</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-key-products-machine-learning" href="/content/trendmicro/en_gb/business/technologies/machine-learning">
	AI/Machine Learning
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-key-products-global-threat-intelligence" href="/en_gb/business/technologies/smart-protection-network.html">
	Global Threat Intelligence
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-products-key-connected-threat-defense" href="/en_gb/business/technologies/connected-threat-defense.html">
	Connected Threat Defense
	
</a>

</div>

</div>
	</div>
</div>

</div>
<div class="navCategory section">
<div class="white center-align  columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-products-all-products" href="/en_gb/business/products.html">All Products &amp; Trials</a>
</div>
		<div class="parsys navColumnItems">
</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-products-all-solutions" href="/en_gb/business/products/all-solutions.html">All Solutions</a>
</div>
		<div class="parsys navColumnItems">
</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-products-service-packages" href="/en_gb/business/services/service-one.html">Service Packages</a>
</div>
		<div class="parsys navColumnItems">
</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-products-small-business" href="/en_gb/small-business/worry-free-services-advanced.html">Small &amp; Midsize Business Security</a>
</div>
		<div class="parsys navColumnItems">
</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Solutions
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-1" aria-haspopup="true" aria-expanded="false">
						Solutions
					</button>
					<div class="dropdown-menu" id="nav-dropdown-1">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-68a8a891-0ea4-438a-a5d0-68535c884d5d {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-68a8a891-0ea4-438a-a5d0-68535c884d5d">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="gray left-align-full show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-solutions-cloud" href="/en_gb/business/capabilities/solutions-for/cloud.html">For Cloud</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-hcs-cloud-migration" href="/en_gb/business/products/hybrid-cloud/cloud-migration-security.html">
	Cloud Migration
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-hcs-cloud-native-app-dev" href="/en_gb/business/products/hybrid-cloud/cloud-native-application-development.html">
	Cloud-Native App Development
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-hcs-cloud-op-excellence" href="/en_gb/business/products/hybrid-cloud/cloud-operational-excellence.html">
	Cloud Operational Excellence
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-hcs-data-center-security" href="/en_gb/business/products/hybrid-cloud/security-data-center-virtualization.html">
	Data Center Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-saas-apps" href="/en_gb/business/capabilities/solutions-for/cloud.html">
	SaaS Applications
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red">Internet of Things (IoT)</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-smart-factory" href="/en_gb/business/solutions/iot/smart-factory.html">
	Smart Factory
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-connected-car" href="/en_gb/business/solutions/iot/connected-car.html">
	Connected Car
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-5g-enterprise" href="/en_gb/business/solutions/iot/enterprise-5g-iot.html">
	5G Security for Enterprises
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-solutions-risk">Risk Management</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-ransomware" href="/en_gb/business/capabilities/solutions-for/ransomware.html">
	Ransomware
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-end-support-systems" href="/en_gb/business/capabilities/solutions-for/end-of-support-systems.html">
	End-of-Support Systems
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-compliance" href="/en_gb/business/capabilities/solutions-for/compliance.html">
	Compliance
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-detection-response" href="/en_gb/business/products/detection-response.html">
	Detection and Response
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-solutions-industries">Industries</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-healthcare" href="/en_gb/business/capabilities/solutions-for/healthcare.html">
	Healthcare
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-solutions-manufacturing" href="/en_gb/business/solutions/iot/smart-factory.html">
	Manufacturing
	
</a>

</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Why Trend Micro
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-2" aria-haspopup="true" aria-expanded="false">
						Why Trend Micro
					</button>
					<div class="dropdown-menu" id="nav-dropdown-2">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-33512441-05a6-415d-9a7a-33d556ff924d {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-33512441-05a6-415d-9a7a-33d556ff924d">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="white left-align show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-why-trend" href="/en_gb/about/why-trend-micro.html">The Trend Micro Difference</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-11d0608e-4c1b-47f0-8ede-f2f9eb35ff4e">
	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-why-customer-successes" href="/en_gb/about/customer-stories.html">
	Customer Successes
	
</a>

</div>

</div>

	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-why-strategic-alliances" href="/en_gb/partners/explore-alliance-partners.html">
	Strategic Alliances
	
</a>

</div>

</div>

	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-why-industry-leadership" href="/en_gb/about/awards.html">
	Industry Leadership
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Research
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-3" aria-haspopup="true" aria-expanded="false">
						Research
					</button>
					<div class="dropdown-menu" id="nav-dropdown-3">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-9d8c3588-195c-4668-ad79-33b51b20c75e {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-9d8c3588-195c-4668-ad79-33b51b20c75e">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="gray left-align-full show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Research</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-4e2bfbda-f071-471d-8439-3c64632226a4">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-about" href="/en_gb/about/threat-research.html">
	About Our Research
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-analysis" href="https://www.trendmicro.com/vinfo/gb/security/research-and-analysis/">
	Research and Analysis
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-news-perspectives" href="/en_gb/research.html">
	Research, News and Perspectives
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-sec-reports" href="https://www.trendmicro.com/vinfo/gb/security/research-and-analysis/threat-reports">
	Security Reports
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-security-news" href="http://www.trendmicro.com/vinfo/gb/security/news/">
	Security News
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-research-zero-day-initiative" href="https://www.zerodayinitiative.com/about/" rel="noopener noreferrer" target="_blank">
	Zero Day Initiative (ZDI)
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-simply-security-blog" href="/en_gb/research.html">
	Blog
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Research by Topic</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-topics-vulnerabilities" href="https://www.trendmicro.com/vinfo/gb/threat-encyclopedia/vulnerability">
	Vulnerabilities
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-topics-annual-predictions-21" href="https://www.trendmicro.com/vinfo/gb/security/research-and-analysis/predictions/2021">
	Annual Predictions
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-topics-deep-web" href="https://www.trendmicro.com/vinfo/gb/security/threat-intelligence-center/deep-web/">
	The Deep Web
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-topics-iot" href="https://www.trendmicro.com/vinfo/gb/security/threat-intelligence-center/internet-of-things/">
	Internet of Things (IoT)
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Resources</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-431b436a-ba70-4f88-ab1b-481326e64f0c">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-devops" href="/en_gb/devops.html">
	DevOps Resource Center
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-ciso-center" href="/en_gb/ciso.html">
	CISO Resource Center
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-what-is" href="/en_gb/what-is.html">
	What is?
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-encyclopedia" href="https://www.trendmicro.com/vinfo/gb/threat-encyclopedia/">
	Threat Encyclopedia
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-cloud-health" href="http://trendmicro.com/public-cloud-risk-assessment" rel="noopener noreferrer" target="_blank">
	Cloud Health Assessment
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-cyber-risk" href="/en_gb/security-intelligence/breaking-news/cyber-risk-index.html">
	Cyber Risk Assessment
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-enterprise-guide" href="https://www.trendmicro.com/vinfo/gb/security/threat-intelligence-center/security-strategies-for-enterprises">
	Enterprise Guides
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-research-resources-glossary" href="https://www.trendmicro.com/vinfo/gb/security/definition/a">
	Glossary of Terms
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>
<div class="featuredCampaign">
<div class="featured-campaign">
	<!--Media Container-->
	<div class="featured-campaign--media-container">
		<!--Featured Title-->
		<h5 class="featured-campaign--title title-color-red">Project 2030</h5>

		<!--Feature Image-->
		<figure class="featured-campaign--image-container">
			<a id="b-nav-research-promo-2030-64514d-img" target="_blank" href="https://2030.trendmicro.com">
				<img src="/content/dam/trendmicro/global/en/global/navigation/project-2030-nav-banner.jpg" alt="Project 2030"/>
			</a>
		</figure>
	</div>
	<!--Text Container-->
	<div class="featured-campaign--text-container">
		<!--RTE-->
		<div class="featured-campaign--rich-text richText">


	<p>How will the world of cybersecurity evolve by 2030?</p>
<p>Let’s take a look at what the future holds. </p>


</div>

		<!--Featured Link-->
		<div class="featured-campaign--link">
			<a id="b-nav-research-promo-2030-64514d" target="_blank" href="https://2030.trendmicro.com">
				Explore our expert video series
				<!--Link Icon (Chevron Right)-->
				<span class="icon-chevron-right"></span>
			</a>
		</div>
	</div>
</div>
</div>
</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Services &amp; Support
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-4" aria-haspopup="true" aria-expanded="false">
						Services &amp; Support
					</button>
					<div class="dropdown-menu" id="nav-dropdown-4">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-d56d3822-bebd-48e6-912a-0e90182fc10a {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-d56d3822-bebd-48e6-912a-0e90182fc10a">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="white left-align-content show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red">Services</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-services-service-one" href="/en_gb/business/services/service-one.html">
	Service Packages
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-services-managed-xdr" href="/en_gb/business/services/managed-xdr.html">
	Managed XDR
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-services-support-services" href="/en_gb/business/services/support-services.html">
	Support Services
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray" id="b-nav-support-business-support" href="https://success.trendmicro.com/business-support" rel="noopener noreferrer" target="_blank">Business Support</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-2b25c60f-c5fb-48c8-86f2-6df9bf4ae40c">
	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-log-in" href="https://success.trendmicro.com/sign-in" rel="noopener noreferrer" target="_blank">
	Log In to Support
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-tech-support" href="https://success.trendmicro.com/technical-support" rel="noopener noreferrer" target="_blank">
	Technical Support
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-virus-threat-help" href="https://success.trendmicro.com/virus-and-threat-help" rel="noopener noreferrer" target="_blank">
	Virus &amp; Threat Help
	
</a>

</div>

</div>

	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-" id="b-nav-support-renewals-registration" href="https://success.trendmicro.com/renewals-and-registration" rel="noopener noreferrer" target="_blank">
	Renewals &amp; Registration
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-education-certification" href="https://www.trendmicro.com/en_gb/business/products/support-services/education.html" rel="noopener noreferrer" target="_blank">
	Education &amp; Certification
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-contact-support" href="https://success.trendmicro.com/contact-support-europe" rel="noopener noreferrer" target="_blank">
	Contact Support
	
</a>

</div>

</div>

	<div class="col-sm-4 col-xs-12 col-md-4 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-downloads" href="/en_gb/business/products/downloads.html">
	Downloads
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-free-cleanup-tools" href="https://success.trendmicro.com/virus-and-threat-help#threat-removal" rel="noopener noreferrer" target="_blank">
	Free Cleanup Tools
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-find-support-partner" href="/en_gb/partners/find-a-partner.html">
	Find a Support Partner
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red">For Popular Products</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-8842dac0-6773-4e97-b3f4-1d033a074a3a">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-" id="b-nav-support-deep-security" href="https://success.trendmicro.com/product-support/deep-security-10-0" rel="noopener noreferrer" target="_blank">
	Deep Security
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-support-apex-one" href="https://success.trendmicro.com/product-support/apex-one" rel="noopener noreferrer" target="_blank">
	Apex One
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-worry-free" href="https://success.trendmicro.com/product-support/worry-free-business-security" rel="noopener noreferrer" target="_blank">
	Worry-Free
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-support-worry-free-renewals" href="https://orp.trendmicro.com/EMEAORP" rel="noopener noreferrer" target="_blank">
	Worry-Free Renewals
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Partners
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-5" aria-haspopup="true" aria-expanded="false">
						Partners
					</button>
					<div class="dropdown-menu" id="nav-dropdown-5">
						<div class="responsiveColumnControl section">





<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-e16e255f-e7af-4fc4-987b-1225b05bb002">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="gray left-align-content show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Channel Partners </a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-46adfb90-1558-4a8e-81ee-4547ba04a0cd">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-overview" href="/en_gb/partners/channel-partners.html">
	Channel Partner Overview
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-managed" href="/en_gb/partners/managed-service-provider/europe/resource-center.html">
	Managed Service Provider
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-cloud" href="/en_gb/partners/channel-partners/cloud-service-provider.html">
	Cloud Service Provider
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-professional" href="/en_gb/partners/channel-partners/professional-services-partner.html">
	Professional Services
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-resellers" href="/en_gb/partners/channel-partners/resellers.html">
	Resellers
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-marketplace" href="/en_gb/partners/channel-partners/marketplace.html">
	Marketplace
	
</a>

</div>
<div class="ghost section">

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-channel-system" href="/en_gb/partners/channel-partners/systems-integrator.html">
	System Integrators
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Alliance Partners</a>
</div>
		<div class="parsys navColumnItems"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-alliance-overview" href="/en_gb/partners/alliance-partners.html">
	Alliance Overview
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-alliance-technical" href="/en_gb/partners/alliance-partners/technology.html">
	Technology Alliance Partners
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-alliance-explore" href="/en_gb/partners/alliance-partners/explore-alliance-partners.html">
	Our Alliance Partners
	
</a>

</div>

</div>
	</div>

	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-gray">Tools and Resources</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-779a5b50-ab41-4e00-81e5-95f973de17e8">
	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-tools-find" href="/en_gb/partners/find-a-partner.html">
	Find a Partner
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-tools-education" href="/en_gb/business/products/support-services/education.html">
	Education and Certification
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partner-tools-stories" href="/en_gb/partners/partner-stories.html">
	Partner Successes
	
</a>

</div>

</div>

	<div class="col-sm-6 col-xs-12 col-md-6 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-tools-distributors" href="/en_gb/partners/distributors.html">
	Distributors
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-partners-tools-login" href="https://community-trendmicro.force.com/Partner" rel="noopener noreferrer" target="_blank">
	Partner Login
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
			<div class="dropdown">
				
				
				
					<button class="menu-toggle hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
						Company
					</button>
					<button class="menu-toggle hidden-md hidden-lg" type="button" data-toggle="collapse" data-target="#nav-dropdown-6" aria-haspopup="true" aria-expanded="false">
						Company
					</button>
					<div class="dropdown-menu" id="nav-dropdown-6">
						<div class="responsiveColumnControl section">

<style>>
#responsive-column-34ea2a82-a864-43dd-8379-651ac4d9ccaa {
	margin-top:0;
	padding-top:0;
	padding-bottom:0;
	margin-bottom:40px;
}
</style>



<div class="row
			
			null global-margin-top- global-padding-top- global-padding-bottom- global-margin-bottom-" id="responsive-column-34ea2a82-a864-43dd-8379-651ac4d9ccaa">
	<div class="col-sm-12 col-xs-12 col-md-12 column"><div class="navCategory section">
<div class="white left-align show-dividers columns-container">
	<div class="column">
		<div class="navColumnTitle">
<a class="title title-color-red" id="b-nav-company-overview" href="/en_gb/about.html">Overview</a>
</div>
		<div class="parsys navColumnItems"><div class="responsiveColumnControl section">





<div class="row
			
			global-margin-top-default global-padding-top-default global-padding-bottom-default global-margin-bottom-default" id="responsive-column-53bf89c0-7d6d-4878-9690-25361fab6b29">
	<div class="col-sm-3 col-xs-12 col-md-3 column"><div class="navLink section">
<a class=" text-color-" id="b-nav-company-leadership" href="/en_gb/about/leaders.html">
	Leadership
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-customer-success" href="/en_gb/about/customer-stories.html">
	Customer Success Stories
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-alliance-partners" href="/en_gb/partners/alliance-partners.html">
	Strategic Alliances
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-industry-accolades" href="/en_gb/about/industry-recognition.html">
	Industry Accolades
	
</a>

</div>

</div>

	<div class="col-sm-3 col-xs-12 col-md-3 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-newsroom" href="/en_gb/about/newsroom.html">
	Newsroom
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-webinars" href="/en_gb/about/webinars.html">
	Webinars
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-events" href="/en_gb/about/events.html">
	Events
	
</a>

</div>

</div>

	<div class="col-sm-3 col-xs-12 col-md-3 column"><div class="navLink section">
<a class=" text-color-" id="b-nav-company-security-experts" href="/en_gb/about/leading-experts.html">
	Security Experts
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-careers" href="/en_gb/about/careers.html">
	Careers
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-history" href="/en_gb/about/history-vision-values.html">
	History
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-corp-social-responsibility" href="/en_gb/about/corporate-social-responsibility.html">
	Corporate Social Responsibility
	
</a>

</div>

</div>

	<div class="col-sm-3 col-xs-12 col-md-3 column"><div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-diversity-inclusion" href="/en_gb/about/diversity-inclusion.html">
	Diversity, Equity &amp; Inclusion
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-trust-center" href="/en_gb/about/trust-center.html">
	Trust Center
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-" id="b-nav-company-internet-safety-cyber-ed" href="/en_gb/initiative-education.html">
	Internet Safety and Cybersecurity Education
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-investors" href="/en_us/about/investor-relations.html">
	Investors
	
</a>

</div>
<div class="navLink section">
<a class=" text-color-gray" id="b-nav-company-legal" href="/en_gb/about/legal.html">
	Legal
	
</a>

</div>

</div>
</div>
</div>

</div>
	</div>
</div>

</div>

</div>
</div>
</div>


					</div>
				
			</div>
		
		
		<div class="dropdown search-dropdown">
			<button class="search-button hidden-xs hidden-sm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
				<span class="icon-search-thin"></span>
			</button>
			<div class="dropdown-menu utility-search-target">
				<script type="text/javascript" src="//customer.cludo.com/scripts/bundles/search-script.js"></script>
				<script type="text/javascript">
					var CludoSearch;
					var cludo_language = '';

					switch( window.utag_data.language_code )
					{
						// Cludo dropped the ball on this one
						case 'ja_jp':
							cludo_language = 'jp';
							break;
						case 'in_id':
							cludo_language = 'id';
							break;
						default:
							cludo_language = window.utag_data.language_code.substring( 0, 2 ); // First two letters are the language
							break;
					}

					$(document).ready( function() {
						var cludoSettings = {
							customerId: 296,
							engineId: 9103,
							searchUrl: "/en_gb/common/cse.html",
							searchInputs: ["cludo-search-form","cludo-search-form-mobile","cludo-search-content-form"],
							initSearchBoxText: "",
							language: cludo_language,
							endlessScroll: {stopAfterPage:3, resultsPerPage:10, bottomOffset: 145},
							translateSearchTemplates: true,
							loading: "<div class='loader'></div>"
						};

						CludoSearch= new Cludo(cludoSettings);

						CludoSearch.translateProvider.translations[cludo_language]["category_header"] = Granite.I18n.get( "Show" );
						CludoSearch.translateProvider.translations[cludo_language]["your_search_on"] = Granite.I18n.get( "Showing results for" ) + " <span class='highlight'>{{value}}</span> ";
						CludoSearch.translateProvider.translations[cludo_language]["total_results"] = "";
						CludoSearch.translateProvider.translations[cludo_language]["total_result"] = "";
						CludoSearch.translateProvider.translations[cludo_language]["in_category"] = "";
						CludoSearch.translateProvider.translations[cludo_language]["results"] = Granite.I18n.get( "results" );
						CludoSearch.translateProvider.translations[cludo_language]["sort_by"] = Granite.I18n.get( "Sort By" ) + ":";
						CludoSearch.translateProvider.translations[cludo_language]["date"] = Granite.I18n.get( "Date" );
						CludoSearch.translateProvider.translations[cludo_language]["relevance"] = Granite.I18n.get( "Relevance" );
						CludoSearch.translateProvider.translations[cludo_language]["all_results"] = Granite.I18n.get( "All results" );

						CludoSearch.init();
					});
				</script>
				<form class="main-menu-search" aria-label="Search Trend Micro">
					<div class="main-menu-search__field-wrapper" id="cludo-search-form">
						<table cellspacing="0" cellpadding="0" class="gsc-search-box" style="width:100%">
							<tbody>
								<tr>
									<td class="gsc-input">
										<input type="text" size="10" class="gsc-input" name="search" title="search" placeholder="Search Trend Micro"/>
									</td>
								</tr>
							</tbody>
						</table>
					</div>
				</form>
				<button type="button" class="close" aria-label="Close"><span aria-hidden="true">&times;</span></button>
			</div>
		</div>
		<div class="utilityMenu utilityMenu-mobile hidden visible-xs visible-sm">
			<nav class="utilityMenu__wrapper" id="utilityMenu-mobile-wrapper"></nav>
			<div class="collapse-items-container"></div>
		</div>
	</div>
	<div class="search-mobile-wrapper collapse dont-collapse-flex-md hidden-md hidden-lg" id="search-mobile-wrapper">
		<form class="main-menu-search" aria-label="Search Trend Micro">
			<div class="main-menu-search__field-wrapper" id="cludo-search-form-mobile">
				<table cellspacing="0" cellpadding="0" class="gsc-search-box" style="width:100%">
					<tbody>
						<tr>
							<td class="gsc-input">
								<input type="text" size="10" class="gsc-input" name="search" title="search" placeholder="Search Trend Micro"/>
							</td>
							<td class="gsc-search-close collapsed" style="width:1%;" data-target="#search-mobile-wrapper" data-toggle="collapse">
								<span class="icon-close"></span>
							</td>
						</tr>
					</tbody>
				</table>
			</div>
		</form>
	</div>
</div>

</nav>
			</div>
		</div>
		<!-- Sticky Nav -->
		<div class="stickyNav">


<div class="page-nav-wrapper">
	<div class="inner-wrapper">
		<!-- Sticky Nav - Article and Author Pages -->
		
    <!-- Page Properties Container -->
    <div class="page-properties-container">
        <div class="back-caret">
            <a href="https://www.trendmicro.com/en_gb/research.html">
                <span class="icon-chevron-left"></span>
            </a>
        </div>
        <div class="display-tag">
            
                <a href="https://www.trendmicro.com/en_gb/research.html?category=trend-micro-blogs:threats/cyber-threats">Cyber Threats</a>
            
        </div>
        <div class="page-title">Cryptocurrency-Mining Botnet Spreads via ADB, SSH</div>
    </div>

    <!-- AddThis Container -->
    <div class="addthis_toolbox addthis_default_style">
        <a class="addthis_button_compact addthis_link" href="#">
            <img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/share-more.svg" class="addthis-icon" alt="Share"/>
        </a>
        <a class="addthis_button_print addthis_link" title="Print" href="#" tabindex="1000">
            <img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/printer.svg" class="addthis-icon" alt="Print"/>
        </a>
        <div class="atclear"></div>
    </div>

    <!-- Subscribe Container -->
    <div class="subscribe">
        
    </div>

	</div>
</div>
</div>
	</div>
	<section class="folder-indicators slider">
		<div class="folder-indicators__wrapper">
			<p class="folder-indicators__title">Content added to Folio</p>
			<div class="folder-indicators__button-wrapper">
				<button class="folder-indicators__button counter" id="counter-folder">
					Folio (<span>0</span>)
				</button>
				<button class="folder-indicators__button close">close</button>
			</div>
		</div>
	</section>
</div>
</div>
<div class="root responsivegrid">


<div class="aem-Grid aem-Grid--12 aem-Grid--default--12 ">
    
    <div class="articleBodyNoHero aem-GridColumn aem-GridColumn--default--12"><div class="research-layout article container" role="contentinfo">
    <article class="research-layout--wrapper row" data-article-pageID="663991777">
        <div class="col-xs-12 col-md-12 one-column">
            <div class="col-xs-12 col-md-12">
                <div class="article-details" role="heading">
	<span class="article-details__bar" role="img"></span>
	<p class="article-details__display-tag">Cyber Threats</p>
	<h1 class="article-details__title">Cryptocurrency-Mining Botnet Spreads via ADB, SSH</h1>
	<p class="article-details__description">We observed a new cryptocurrency-mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default.</p>
	<p class="article-details__author-by">By: Jindrich Karasek
		
			<time class="article-details__date">June 20, 2019</time>
		
		
		<span>Read time:&nbsp;</span><span class="eta"></span> (<span class="words"></span> words)
	</p>

	<div class="article-details__icons">
		<!--Add This-->
		<!-- Go to www.addthis.com/dashboard to customize your tools -->
<div class="addthis_toolbox addthis_default_style">
	<a class="addthis_button_compact addthis_link">
		<img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/share-more.svg" class="addthis-icon" alt="Share"/>
	</a>
	<a class="addthis_button_print addthis_link">
		<img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/printer.svg" class="addthis-icon" alt="Print"/>
	</a>
</div>

		<!--Add to Folio-->
		<div class="add-to-folio tooltip">
			<span class="icon-folio-thin"></span>
			<div class="right">
				<p>Save to Folio</p>
				<i></i>
			</div>
		</div>

		<!--Subscribe-->
		<div class="subscribe">
			
		</div>
	</div>
</div>

            </div>
        </div>
		
		<hr class="research-layout-divider"/>

        <main class="main--content col-xs-12 col-md-8 col-md-push-2">
            <div>
	
    


	

</div>
            <div class="richText">
	
    


	
		<div>
			<p>We observed a new cryptocurrency-mining botnet malware that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant we previously <a href="/en_gb/research/18/g/open-adb-ports-being-exploited-to-spread-possible-satori-variant-in-android-devices.html" target="_self">reported</a>. This bot’s design allows it to spread from the infected host to any system that has had a previous SSH connection with the host.</p>
<p>The use of ADB makes Android-based devices susceptible to the malware. We detected activity from this malware in 21 different countries, with the highest percentage found in South Korea.</p>
<p><b><span class="body-subhead-title">Technical details</span></b></p>
<p><b>ADB Arrival</b></p>
<p style="text-align: left;">We found that the IP address 45[.]67[.]14[.]179 connects to the ADB running device or system then conducts several activities. Figure 1 summarizes the attack's infection chain.</p>
<p style="text-align: center;"><a href="https://blog.trendmicro.com/trendlabs-security-intelligence/files/2019/06/Cryptocurrency-Mining-Botnet-Infection-Chain-01-003.jpg"><img src="/content/dam/trendmicro/global/en/migrated/security-intelligence-migration-spreadsheet/trendlabs-security-intelligence/2019/06/Cryptocurrency-Mining-Botnet-Infection-Chain-01-003-640x184.jpg"/></a></p>
<p style="text-align: center;">Figure 1. Infection chain of the attack</p>
<p>The attack starts by using the ADB command shell to change the attacked system’s working directory to “/data/local/tmp&quot;. This is because .tmp files typically have default permission to execute.</p>
<p>The bot then determines the kind of system it has entered and whether the system is a honeypot or not, as indicated by the command “uname –a”.</p>
<p>It then uses wget to download the payload, and curl if wget is not present in the infected system. The bot then issues the command &quot;chmod 777 a.sh&quot; to change the permission settings of the downloaded payload, allowing it to be executed.</p>
<p>Finally, when “a.sh” is executed, it is removed using the command &quot;rm -rf a.sh*&quot; to remove its traces. All these commands can be seen in the malware’s code as seen in Figure 2.</p>
<p style="text-align: center;"><a href="https://blog.trendmicro.com/trendlabs-security-intelligence/files/2019/06/figure-1.jpg"><img src="/content/dam/trendmicro/global/en/migrated/security-intelligence-migration-spreadsheet/trendlabs-security-intelligence/2019/06/figure-1-640x353.jpg"/></a></p>
<p style="text-align: center;">Figure 2. Snapshot of the malware’s script showing the commands it executes</p>
<p><b>The payload</b></p>
<p>The script for a.sh reveals that this attack will choose from three different downloadable miners. This can be seen in the output of the &quot;uname -m&quot; command, shown in Figure 2 above.</p>
<p>The uname –m command, once executed, gets the infected system's information, such as its manufacturer, hardware details, and processor architecture. The output from this command is used as a variable for determining the miner to use in the attack.</p>
<p>As mentioned earlier, if uname –m gets the string indicating the infected system's processor type, then it uses the additional wget command to download the miner. It will use curl if the system does not have wget.</p>
<p>The three miners that can be used for this attack are listed below, all of which are delivered by the same URL.</p>
<ul>
<li><span class="rte-red-bullet">http://198[.]98[.]51[.]104:282/x86/bash</span></li>
<li><span class="rte-red-bullet">http://198[.]98[.]51[.]104:282/arm/bash</span></li>
<li><span class="rte-red-bullet">http://198[.]98[.]51[.]104:282/aarch64/bash</span></li>
</ul>
<p>To optimize the mining activity, the script also enhances the victim’s memory by enabling <a href="https://docs.oracle.com/database/121/UNXAR/appi_vlm.htm#UNXAR391" target="_blank">HugePages</a>, which will help the system support memory pages that are greater than its default size. This ability can be seen in the script as &quot;/sbin/sysctl -w vm.nr_hugepages=128&quot;.</p>
<p>This botnet malware also tries to block its competitor by modifying <i>/etc/hosts</i>. By adding the additional record  “0.0.0.0 miningv2.duckdns.org”, it blocks the URL of the competing miner. It also kills that competitor’s  process with the command “pkill -9 r32”.</p>
<p>Lastly, it employs an evasion technique that involves deleting the downloaded files. After spreading to other devices connected to the system, it deletes its payload files, removing the traces on the victim host.</p>
<p><b>Spreading mechanism</b></p>
<p>Another notable aspect of this attack, although certainly not unique to it, is the presence of a spreading mechanism that uses SSH. Any system that has connected to the original victim being attacked via SSH is likely to have been listed as a “known” device on its operating system. Being a known device means the system can communicate with the other system without any further authentication after the initial key exchange, i.e., each system considers the other as safe. The presence of a spreading mechanism may mean that this malware can abuse the widely used process of making SSH connections.</p>
<p>This list of known devices and the SSH settings are saved in known_hosts, which can be seen in the malware’s code. The combination of known hosts and the victim's public key makes it possible for the malware to connect to smart devices or systems that have previously connected to the infected system. It does so using two spreaders, as can be seen in Figures 3 and 4.</p>
<p style="text-align: center;"><a href="https://blog.trendmicro.com/trendlabs-security-intelligence/files/2019/06/figure-3.jpg"><img src="/content/dam/trendmicro/global/en/migrated/security-intelligence-migration-spreadsheet/trendlabs-security-intelligence/2019/06/figure-3-640x51.jpg"/></a></p>
<p style="text-align: center;">Figure 3. Snapshot of the code showing the first spreader of the malware</p>
<p style="text-align: center;"><a href="https://blog.trendmicro.com/trendlabs-security-intelligence/files/2019/06/figure-4.jpg"><img src="/content/dam/trendmicro/global/en/migrated/security-intelligence-migration-spreadsheet/trendlabs-security-intelligence/2019/06/figure-4-640x61.jpg"/></a></p>
<p style="text-align: center;">Figure 4. Snapshot of the code showing the second spreader of the malware</p>
<p style="text-align: left;">The first spreader takes all the systems from known hosts by IPv4 addresses, accesses them, and installs the same miner used in the originally attacked system. The second script has the same purpose, but it searches in a different directory for the “known_hosts”. These two spreaders allow the malware to attack and likely infect the other systems that communicate with the first affected system.</p>
<p style="text-align: left;"><b><span class="body-subhead-title">Conclusion and security recommendations</span></b></p>
<p style="text-align: left;">Although ADB is a useful feature for administrators and developers, it is important to remember that an enabled ADB might expose the device and those connected to it to threats.</p>
<p style="text-align: left;">Users can also follow other best practices for defending against illicit cryptocurrency-mining activities and botnets, such as:</p>
<ul>
<li><span class="rte-red-bullet">Checking and changing default settings when necessary to increase security</span></li>
<li><span class="rte-red-bullet">Updating device firmware and applying available patches</span></li>
<li><span class="rte-red-bullet">Being aware of methods attackers use to spread these types of malware and tailoring defenses against them</span></li>
</ul>
<p>Android users can take advantage of <a href="/en_gb/forHome/products/mobile-security.html" target="_self">Trend Micro™ Mobile Security for Android™</a> (available on <a href="https://redirect.viglink.com/?format=go&amp;jsonp=vglnk_155275463321813&amp;key=0d3176c012db018d69225ad1c36210fa&amp;libId=jtbpzs7s0102jdmu000DA4f1o82ik&amp;subId=f9f1a771608a24e84c49a8532e282dc1&amp;cuid=f9f1a771608a24e84c49a8532e282dc1&amp;loc=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Fxloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing%2F&amp;v=1&amp;out=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.trendmicro.tmmspersonal&amp;ref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Fcategory%2Fmobile%2Fpage%2F3%2F&amp;title=XLoader%20Android%20Spyware%20and%20Banking%20Trojan%20Distributed%20via%20DNS%20Spoofing%20-%20TrendLabs%20Security%20Intelligence%20Blog&amp;txt=Google%20Play" target="_blank">Google Play</a>) to block malicious apps that may exploit this vulnerability. End users and enterprises can also benefit from its multilayered security capabilities that secure devices’ data and privacy and safeguard them from ransomware, fraudulent websites, and identity theft. For organizations, <a href="/en_gb/business/products/user-protection/sps.html" target="_self">Trend Micro™ Mobile Security for Enterprise</a> provides device, compliance and application management, data protection, and configuration provisioning. It also protects devices from attacks that leverage vulnerabilities, prevents unauthorized access to apps, and detects and blocks malware and access to fraudulent websites.</p>
<p>Users can also adopt multilayered security solutions that can provide protection from various iterations of cryptocurrency-mining malware. <a href="http://go.trendmicro.com/sem/sem/www.trendmicro.com/us/business/xgen/index.html">Trend Micro XGen™ security</a> provides high-fidelity machine learning that can secure the gateway and endpoints, and protect physical, virtual, and cloud workloads.</p>
<p><b><span class="body-subhead-title">Indicators of Compromise (IoCs)</span></b></p>
<p><b>URLs</b></p>
<ul>
<li><span class="rte-red-bullet">45[.]67[.]14[.]179</span></li>
<li><span class="rte-red-bullet">http://198[.]98[.]51[.]104:282</span></li>
</ul>
<div class="responsive-table-wrap"><table border="1" width="100%">
<tbody><tr><td><b>SHA256</b></td>
<td width="237"><b>Detection Name</b></td>
<td width="70"><b>Filename</b></td>
</tr><tr><td width="480">1685bc0b9923c628fcb11bdf2967db3a0639b5f603204da658a14a99410802e3</td>
<td width="237">Coinminer.Linux.ADBMINER.A</td>
<td width="70">Bash</td>
</tr><tr><td width="480">4f4f6ffaf9ead9f90ed738c9100b073af241cadfd2be6b89ede6d42f2a87254f</td>
<td width="237">Trojan.Linux.ADBMINER.A</td>
<td width="70">1</td>
</tr><tr><td width="480">5d81436b511e9c39bdc5bcedf0ae6ac7ba6e1cb22f6d736d04b271d390c4675c</td>
<td width="237">Trojan.Linux.ADBMINER.A</td>
<td width="70">a.sh</td>
</tr><tr><td width="480">7cc15106ded4030b0e9468754cafd0ab08e5f23dca71f4020fad61c23744f034</td>
<td width="237">Trojan.Linux.ADBMINER.A</td>
<td width="70">2</td>
</tr><tr><td width="480">ebccd99b3fe1fa0a535e43b05e512958d4b2edfa5fa2ab5a7e218ef8f6ef57ad</td>
<td width="237">Trojan.Linux.ADBMINER.A</td>
<td width="70">i.sh</td>
</tr></tbody></table>
</div>
<p> </p>

		</div>
	

</div>
            <div class="image">
	
    


	

</div>
            <div>




</div>
            <section class="tag--list">
	<div class="tag--list-title">Tags</div>
	<div class="tag--list-tags">
		<a href="/en_gb/research.html?category=trend-micro-research:environments/mobile" class="tag--list-anchor">Mobile</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_gb/research.html?category=trend-micro-research:threats/cyber-threats" class="tag--list-anchor">Cyber Threats</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_gb/research.html?category=trend-micro-research:article-type/research" class="tag--list-anchor">Research</a>
		
	</div>
</section>

        </main>

        <sidebar class="sidebar--left col-xs-12 col-md-2 col-md-pull-8">
            


<h3 class="article-authors__title">
	
		Authors
	
</h3>

<!-- /* Show Trend Micro if we don't have any authors for this article */ -->


<ul class="article-authors__list">
	<li class="article-authors__list-items">
		
		<div class="article-authors__wrapper" role="contentinfo authors profile">
			
			
				<p class="article-authors__list-items__name">Jindrich Karasek</p>
			
			<p class="article-authors__list-items__position">Threat Researcher</p>
		</div>
	</li>
</ul>

<div class="article-authors__btn-wrapper" role="button">
	<a class="article-authors__button " href="mailto:tm_research@trendmicro.com" target="target" id="article-authors-contact-us-button">
		Contact Us
	</a>
</div>


	

    

        </sidebar>

        <sidebar class="sidebar--right col-xs-12 col-md-2">
            <div class="sidebar--wrapper" role="contentinfo sidebar">
                <div class="row-1" role="contentinfo related articles">
                    
	
    


	<div class="related--articles" role="contentinfo related articles">
		<h3 class="related--articles-title">Related Articles</h3>
		 <ul class="related--articles-items">
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_gb/research/21/l/examining-log4j-vulnerabilities-in-connected-cars.html">
					Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
				</a> 
			</li>
		
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_gb/research/21/l/patch-now-apache-log4j-vulnerability-called-log4shell-being-acti.html">
					Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited
				</a> 
			</li>
		
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_gb/research/21/l/log4j.html">
					What to Do About Log4j
				</a> 
			</li>
		</ul>
	</div>

	<div class="archived--link">
		<div class="archived--link-text">
			<a href="/en_gb/research.html">
				See all articles
			</a>
		</div>

		<div class="archived--link-icon">
			<a href="/en_gb/research.html">
				<span class="icon-chevron-right"></span>
			</a>
		</div>
	</div>


                </div>
            </div>
        </sidebar>
    </article>
</div></div>

    
</div>
</div>
<div class="footer">

<footer class="container-fluid container-fluid--hybrid">
	<div class="footer"><nav class="links-row">
	<div class="inner-container">
		<ul class="links-col">
			<li>
				<a href="/en_gb/business/get-info-form.html">
					Contact Sales
				</a>
			</li>
		
			<li>
				<a href="/en_gb/contact.html">
					Locations
				</a>
			</li>
		
			<li>
				<a href="/en_gb/about/careers.html">
					Careers
				</a>
			</li>
		
			<li>
				<a href="/en_gb/about/newsroom.html">
					Newsroom
				</a>
			</li>
		
			<li>
				<a href="/en_gb/about/trust-center.html">
					Trust Center
				</a>
			</li>
		
			<li>
				<a href="/en_gb/about/trust-center/privacy.html">
					Privacy
				</a>
			</li>
		
			<li>
				<a href="https://success.trendmicro.com/technical-support" target="_blank" rel="noopener noreferrer">
					Support
				</a>
			</li>
		
			<li>
				<a href="/en_gb/business/sitemap.html">
					Site map
				</a>
			</li>
		</ul>
	</div>
</nav>
<div class="social-copyright-row">
	<div class="inner-container">
		<div class="row">
			<ul class="col-md-6 social-media-links">
				<li>
					<a href="https://www.linkedin.com/company/trend-micro-europe" class="icon-" target="_blank" rel="noopener noreferrer">
						linkedin
					</a>
				</li>
			
				<li>
					<a href="https://twitter.com/trendmicrouk" class="icon-" target="_blank" rel="noopener noreferrer">
						twitter
					</a>
				</li>
			
				<li>
					<a href="https://www.facebook.com/TrendMicroEurope" class="icon-" target="_blank" rel="noopener noreferrer">
						facebook
					</a>
				</li>
			
				<li>
					<a href="https://www.youtube.com/user/TrendMicroEurope" class="icon-" target="_blank" rel="noopener noreferrer">
						youtube
					</a>
				</li>
			
				<li>
					<a href="https://www.instagram.com/trendmicro/" class="icon-" target="_blank" rel="noopener noreferrer">
						instagram
					</a>
				</li>
			
				<li>
					<a href="https://feeds.feedburner.com/TrendMicroSimplySecurity" class="icon-" target="_blank" rel="noopener noreferrer">
						rss
					</a>
				</li>
			</ul>
			<div class="col-md-6">
				<span class="copyright">Copyright © 2021 Trend Micro Incorporated. All rights reserved.</span>
			</div>
		</div>
	</div>
</div>
</div>
</footer>
</div>


			

<!-- /* Core functionality javascripts, absolute URL to leverage Akamai CDN */ -->
<script src="https://www.trendmicro.com/content/dam/trendmicro/global/core-library/sly.min.js"></script>
<script src="https://www.trendmicro.com/content/dam/trendmicro/global/core-library/jwplayer.js"></script>

<script type="text/javascript" src="https://www.youtube.com/iframe_api"></script>

            
    
    
<script type="text/javascript" src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.js"></script>



    


    

    

    
    

            

            
			<!--For Modal-start-->
			<div class="modal-wrap"></div>
			<div class="jwPlayerString hidden">
				<span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk</span>
			</div>
			<!--For Modal-end-->
        

		<!-- Go to www.addthis.com/dashboard to customize your tools -->
		<script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-57bc9d0c3028a052"></script>		
    </body>
</html>
